package y7;

import i7.b1;
import i7.c2;
import i7.c3;
import i7.g4;
import i7.j1;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPResp;
import unified.vpn.sdk.o7;
import y7.r;

/* loaded from: classes3.dex */
public class s extends a0 {

    /* renamed from: n, reason: collision with root package name */
    public static final h7.b f87703n = h7.c.b(s.class);

    /* renamed from: e, reason: collision with root package name */
    public r.c f87704e;

    /* renamed from: f, reason: collision with root package name */
    public boolean f87705f;

    /* renamed from: g, reason: collision with root package name */
    public g4 f87706g;

    /* renamed from: h, reason: collision with root package name */
    public i7.a f87707h;

    /* renamed from: i, reason: collision with root package name */
    public Date f87708i;

    /* renamed from: j, reason: collision with root package name */
    public String f87709j;

    /* renamed from: k, reason: collision with root package name */
    public x f87710k;

    /* renamed from: l, reason: collision with root package name */
    public boolean f87711l;

    /* renamed from: m, reason: collision with root package name */
    public c2 f87712m;

    public s(g4 g4Var) throws GeneralSecurityException {
        super(null);
        this.f87704e = r.c.SIGNING_CERTIFICATE;
        this.f87705f = true;
        this.f87711l = true;
        this.f87706g = g4Var;
        i7.a C = g4Var.C();
        this.f87707h = C;
        ArrayList<String> C2 = C.C();
        this.f87709j = C2.get(C2.size() - 1);
        this.f87708i = new Date();
        x d10 = d();
        this.f87710k = d10;
        h7.b bVar = f87703n;
        Object[] objArr = new Object[2];
        objArr[0] = d10.D() ? "document-level timestamp " : "";
        objArr[1] = this.f87709j;
        bVar.f(String.format("Checking %ssignature %s", objArr));
    }

    @Override // y7.a0, y7.f
    public List<h0> b(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws GeneralSecurityException, IOException {
        a0 a0Var = new a0(this.f87663a);
        a0Var.c(this.f87609c);
        b bVar = new b(a0Var, e());
        bVar.c(this.f87609c);
        bVar.a(this.f87711l || this.f87664b);
        u uVar = new u(bVar, f());
        uVar.c(this.f87609c);
        uVar.a(this.f87711l || this.f87664b);
        return uVar.b(x509Certificate, x509Certificate2, date);
    }

    public x d() throws GeneralSecurityException {
        x k02 = this.f87707h.k0(this.f87709j);
        if (!this.f87707h.h0(this.f87709j)) {
            throw new g0(null, "Signature doesn't cover whole document.");
        }
        h7.b bVar = f87703n;
        bVar.f("The timestamp covers whole document.");
        if (!k02.L()) {
            throw new g0(null, "The document was altered after the final signature was applied.");
        }
        bVar.f("The signed document has not been modified.");
        return k02;
    }

    public List<X509CRL> e() throws GeneralSecurityException, IOException {
        j1 C0;
        ArrayList arrayList = new ArrayList();
        c2 c2Var = this.f87712m;
        if (c2Var == null || (C0 = c2Var.C0(c3.W6)) == null) {
            return arrayList;
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance(o7.f74519b);
        for (int i10 = 0; i10 < C0.size(); i10++) {
            arrayList.add((X509CRL) certificateFactory.generateCRL(new ByteArrayInputStream(g4.C0((b1) C0.g1(i10)))));
        }
        return arrayList;
    }

    public List<BasicOCSPResp> f() throws IOException, GeneralSecurityException {
        j1 C0;
        ArrayList arrayList = new ArrayList();
        c2 c2Var = this.f87712m;
        if (c2Var == null || (C0 = c2Var.C0(c3.Gc)) == null) {
            return arrayList;
        }
        for (int i10 = 0; i10 < C0.size(); i10++) {
            OCSPResp oCSPResp = new OCSPResp(g4.C0((b1) C0.g1(i10)));
            if (oCSPResp.getStatus() == 0) {
                try {
                    arrayList.add((BasicOCSPResp) oCSPResp.getResponseObject());
                } catch (OCSPException e10) {
                    throw new GeneralSecurityException((Throwable) e10);
                }
            }
        }
        return arrayList;
    }

    public void g(r.c cVar) {
        this.f87704e = cVar;
    }

    public void h(f fVar) {
        this.f87663a = fVar;
    }

    public void i(boolean z10) {
        this.f87705f = z10;
    }

    public void j() throws IOException, GeneralSecurityException {
        h7.b bVar = f87703n;
        bVar.f("Switching to previous revision.");
        this.f87711l = false;
        this.f87712m = this.f87706g.F().G0(c3.T7);
        Calendar z10 = this.f87710k.z();
        if (z10 == null) {
            z10 = this.f87710k.v();
        }
        this.f87708i = z10.getTime();
        ArrayList<String> C = this.f87707h.C();
        if (C.size() <= 1) {
            bVar.f("No signatures in revision");
            this.f87710k = null;
            return;
        }
        this.f87709j = C.get(C.size() - 2);
        g4 g4Var = new g4(this.f87707h.g(this.f87709j));
        this.f87706g = g4Var;
        i7.a C2 = g4Var.C();
        this.f87707h = C2;
        ArrayList<String> C3 = C2.C();
        this.f87709j = C3.get(C3.size() - 1);
        x d10 = d();
        this.f87710k = d10;
        Object[] objArr = new Object[2];
        objArr[0] = d10.D() ? "document-level timestamp " : "";
        objArr[1] = this.f87709j;
        bVar.f(String.format("Checking %ssignature %s", objArr));
    }

    public List<h0> k(List<h0> list) throws IOException, GeneralSecurityException {
        if (list == null) {
            list = new ArrayList<>();
        }
        while (this.f87710k != null) {
            list.addAll(m());
        }
        return list;
    }

    public void l(Certificate[] certificateArr) throws GeneralSecurityException {
        for (int i10 = 0; i10 < certificateArr.length; i10++) {
            ((X509Certificate) certificateArr[i10]).checkValidity(this.f87708i);
            if (i10 > 0) {
                certificateArr[i10 - 1].verify(certificateArr[i10].getPublicKey());
            }
        }
        f87703n.f("All certificates are valid on " + this.f87708i.toString());
    }

    public List<h0> m() throws GeneralSecurityException, IOException {
        f87703n.f("Verifying signature.");
        ArrayList arrayList = new ArrayList();
        Certificate[] u10 = this.f87710k.u();
        l(u10);
        int length = r.c.WHOLE_CHAIN.equals(this.f87704e) ? u10.length : 1;
        int i10 = 0;
        while (i10 < length) {
            int i11 = i10 + 1;
            X509Certificate x509Certificate = (X509Certificate) u10[i10];
            X509Certificate x509Certificate2 = i11 < u10.length ? (X509Certificate) u10[i11] : null;
            f87703n.f(x509Certificate.getSubjectDN().getName());
            List<h0> b10 = b(x509Certificate, x509Certificate2, this.f87708i);
            if (b10.size() == 0) {
                try {
                    x509Certificate.verify(x509Certificate.getPublicKey());
                    if (this.f87711l && u10.length > 1) {
                        b10.add(new h0(x509Certificate, getClass(), "Root certificate in final revision"));
                    }
                    if (b10.size() == 0 && this.f87705f) {
                        throw new GeneralSecurityException();
                    }
                    if (u10.length > 1) {
                        b10.add(new h0(x509Certificate, getClass(), "Root certificate passed without checking"));
                    }
                } catch (GeneralSecurityException unused) {
                    throw new g0(x509Certificate, "Couldn't verify with CRL or OCSP or trusted anchor");
                }
            }
            arrayList.addAll(b10);
            i10 = i11;
        }
        j();
        return arrayList;
    }
}
